
Description: Welcome to Part 5 of the Buffer Overflow Primer. If you have not already done so, please start this series by viewing Part 1. The Buffer Overflow Primer requires that you know at least some basic Assembly Language. I have created a series of Assembly Language video tutorials for hackers here, for those not familiar with the language.

In this video we will learn how to convert the shellcode created in the previous video into a more usable format. It is important to note that the shellcode from the previous video cannot be used as-is because it contains NULL bytes and hardcoded addresses. We therefore need to convert it into something that can be injected into a buffer, i.e. we need to remove the NULLs and set up relative addressing. This video shows how the NULLs in the shellcode can be replaced with equivalent instructions whose encodings contain no NULL bytes. We also discuss in detail how to set up relative addressing within the shellcode and modify it at runtime to make it work. This is probably the most important video in the series for anyone who wants to understand the shellcode generation process completely.

Please download ExecveShellCode.s and ShellCode.c before you view this video.
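As an added example (not code from the video or from its ExecveShellCode.s/ShellCode.c files), the following C program performs the check described above: it scans a blob of machine code for NULL bytes, reports where a C string copy into a buffer would stop, and contrasts constructed 32-bit x86 encodings of `mov $0,%eax` with `xor %eax,%eax` and `mov $0xb,%eax` with `mov $0xb,%al`. The byte sequences are standard instruction encodings constructed for this example, not the video's shellcode.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample encodings (32-bit x86): the same operation written
 * once with embedded NULL bytes and once without. */
static const unsigned char mov_eax_0[]   = {0xb8, 0x00, 0x00, 0x00, 0x00}; /* mov $0x0,%eax */
static const unsigned char xor_eax_eax[] = {0x31, 0xc0};                   /* xor %eax,%eax */
static const unsigned char mov_eax_11[]  = {0xb8, 0x0b, 0x00, 0x00, 0x00}; /* mov $0xb,%eax */
static const unsigned char mov_al_11[]   = {0xb0, 0x0b};                   /* mov $0xb,%al  */

/* Number of NULL bytes in a code blob; anything above zero means the blob
 * cannot survive a NUL-terminated copy intact. */
size_t count_nulls(const unsigned char *code, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (code[i] == 0x00)
            n++;
    return n;
}

/* Offset of the first NULL, or len if there is none: a strcpy-style copy
 * (or passing the bytes via argv/environment) stops exactly here. */
size_t first_null(const unsigned char *code, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (code[i] == 0x00)
            return i;
    return len;
}

/* Demonstrate the truncation concretely: copy the blob with strcpy into a
 * constructed 64-byte buffer and report how many bytes actually arrived. */
size_t bytes_strcpy_would_copy(const unsigned char *code, size_t len)
{
    char src[64] = {0}, dst[64] = {0};
    if (len >= sizeof src)
        return 0;                 /* sample too large for this demo buffer */
    memcpy(src, code, len);
    strcpy(dst, src);             /* stops at the first NULL byte */
    return strlen(dst);
}

static void report(const char *name, const unsigned char *code, size_t len)
{
    printf("%-14s len=%zu nulls=%zu copied=%zu\n", name, len,
           count_nulls(code, len), bytes_strcpy_would_copy(code, len));
}

int main(void)
{
    report("mov $0,%eax",  mov_eax_0,   sizeof mov_eax_0);
    report("xor %eax,%eax", xor_eax_eax, sizeof xor_eax_eax);
    report("mov $0xb,%eax", mov_eax_11,  sizeof mov_eax_11);
    report("mov $0xb,%al",  mov_al_11,   sizeof mov_al_11);
    return 0;
}
```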

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

You can be sure that I have a lot of knowledge about this. I have been studying exploits for some time now, about a year and a half, and I'm graduating in Computer Science, and my conclusion paper will be on exploits! :D I love this! =) You're helping me a lot to understand! Your explanations are very clean and easy to understand! Thanks once more! :D

Hi Vivek, I'm following your videos. They are awesome. I am trying practically everything you are teaching. It is a wonderful experience.

I am using BT4 on an Intel Core 2 Duo platform. In this ExecveShellCode.s example a segmentation fault is coming. When I traced it down with gdb, it came when the movb al,0x9(%esi) instruction executed. I am not able to find the reason. Please help me, or can any other person who has solved this kind of problem give some advice.. thanks

Thank you man for all the tutorials and the hard work you put into this, this is really helping me a lot in my studies. I just wanted to ask you if you are planning anything interesting about VPN technology, and I really did enjoy your Caffe Latte vuln. and your DEF CON speech. You are great, I hope I will contribute to the community one day. Thank you.

First of all, many thanks for this series. I have always wanted to learn about stack overflows, and this series helped me a lot.

Btw, I am using BT 5 and getting a segmentation fault as neo_panky did. I think somehow the code in the "ShellCode" routine cannot modify the data in the "/bin/bashABBBBCCCC" string due to some sort of restriction of the compiler. Please help me.

@albahal and @neo_panky, you WILL get the error message "Segmentation fault", BUT if you try it out without executing it and continue to the objdump command, you will see that it will work as expected, spawning you a bash shell.

@neo_panky & @albahala I think the segmentation fault is caused by placing that whole string value into the .text section, which then gets mapped into a read-only segment. The kernel segfaults the user process because of a protection mechanism. It's like trying to change the code while it's running ...

First I want to thank you for this amazing video series. Now I want to ask some questions with the hope of getting a response:

1. We remove NULL bytes in order to prevent end of string, so that we have the entire /bin/bash? If this is the case, why does the shellcode work in the previous video where we have NULL bytes? I mean we load the bash when we run the .c program.

2. How do you set up relative addressing? I don't think that you mentioned it in the video.

THANKS!